by Henry Sprafkin | Jun 7, 2021 | Blog
The first two installments in this series focused on risk management and risk-based control selection. While not a requirement, it is best to build the security control library based on an established control framework. There are over 200 different risk management,...
by Jon Stone | Jul 24, 2020 | Blog
The HIPAA Security Rule, as well as NIST and other standards, stipulate that a risk analysis and risk management process should be ongoing, and not a once and done process. The Office for Civil Rights “Guidance on Risk Analysis Requirements Under the HIPAA Security...